Security Web Digest: A Billion Bogus Disks Sold

Industry report on music piracy doesn't even account for online "sharing"

US Appeals Court says thumnailing images is fair use

"Brand Spoofing" scams through spam spreading

Adobe and IBM t
Intellectual PropertyMore than one billion illegally-copied compact discs were sold last year, a new industry study said on Thursday. In 2002 the sale of pirated CD copies rose 14 percent to 1.1 billion units from the previous year and has more than doubled in the past three years, turning a street-corner trade into an estimated $4.6 billion business, the International Federation of the Phonographic Industry (IFPI) said in its annual piracy report. While the new figures track unauthorized CD sales, it does not take into account the economic toll of online file-sharing, an activity difficult to measure.

Search engines display of miniature images is fair use under copyright law, a federal appeals court ruled Monday, but the legality of presenting full-size renditions of visual works is yet to be determined. The 9th U.S. Circuit Court of Appeals decision is a partial win for defendant Arriba Soft -- an image search engine now known as Ditto.com -- in its case against photographer Leslie Kelly. Kelly sued Arriba Soft in April 1999 for copyright infringement when the companys software had thumbnails and full sizes of Kellys digital photos and made them accessible via its search engine. The court ruled that use of thumbnail images in search engines is legal, confirming an earlier ruling by the same court from February 2002. But the court held Arriba Soft liable for copyright infringement for opening a new window to display full-size images, a practice known as in-line linking or framing. The case is now ordered to go to trial.

Brand Spoofing
A major anti-spam vendor is warning companies to take precautions against an emerging form of spam designed to take advantage of unsuspecting users. SurfControl plc execs said "brand spoofing," in which a spammer disguises E-mail to make it appear as if its from a trusted company in order to extract personal information such as account details and Social Security numbers, is a growing and dangerous form of spam. Among the companies that have been brand spoofed in recent months are Best Buy, UPS, Bank of America, PayPal and First Union Bank, according to SurfControl.
Enterprise
The new cryptography capabilities within Adobe Acrobat 6.0 coupled with IBMs "embedded security subsystem" will boost security within documents created with Adobe Systems Inc.s Acrobat software, the companies said this week. PDF document security will be created using digital signatures and document-access control using public key infrastructure, a form of cryptography. Through PKI, users of the new technology can ensure that the sender is who he or she claims to be and that the content of the document hasnt been changed.
Hacking
A 31-year-old Manhattan financial executive opened his Xbox and soldered in a chip that allowed him to change the consoles basic computer code and bypass its internal security technology. After installing a new hard drive, he transferred about 3,000 MP3 music files to the system and downloaded illegal copies of 3,500 old-time arcade games. Then he installed the Linux operating system, which allowed him to use the box essentially as a personal computer. "The reality is that if you could bypass Microsofts operating system you would end up with a fairly powerful computer for less than $200," the Manhattan financial executive said.